Another Italian community server violated?
After the recent discovery that the Italian Autistici/Inventati server had been seized by the Italian police and a backdoor had been probably installed to allow for easier monitoring of all communication going through it, looks like another Italian community server could have endured the same fate.
On Monday 27 June 2005, two members of FLUG (Firenze Linux User Group) visited the data centre of Dada S.p.a., in Milan, where the community server of the group is physically housed, in order to move it to another provider.
When the server was put out of the rack, however, it was discovered that the upper lid of the server case was half-opened. At a closer inspection, it was also discovered that the case lid was scratched, as if it had been put out and reinserted into the rack. Worse, the CD-ROM cable was missing, as were the screws that kept the hard disks in place.
Dada S.p.a. was immediately contacted, but its representatives denied any fiddling with the server. Other FLUG members that could have potentially had access to the server farm confirmed that they had not tampered with the server.
Even though a quick forensics analysis of the system showed that no shutdown and reboot operations, besides those that had been planned in the past, had taken place (the hard disks were not “hot swappable”, therefore a shutdown of the machine is necessary in order to take them off the server) FLUG decided to consider the server as compromised, as the shutdown/reboot operations could have been erased from the logs.
What is particularly worrying is that the server hosted an anonymous remailer, whose keys and anonymity capabilities could have been compromised. Considering what happened to Autistici/Inventati server – which hosted another anonymous remailer – this possibility is not so far fetched. This begs the question whether a co-ordinated attempt at intercepting anonymous/private communications on the Internet has been ongoing in the past weeks and months.
An interrogation to the relevant ministries will be probably issued in the coming days by Mr Fiorello Cortiana (Green Party).
EDRI-gram 3.13, Autistici/Inventati server seized by the Italian police (29.06.2005)
http://www.edri.org/edrigram/number3.13/backdoor
Web page of the Firenze Linux User Group (FLUG)
Announcement by FLUG
http://punto-informatico.it/p.asp?i=53755
Photos of the server
http://www.firenze.linux.it/~leandro/compromissione/
(Contribution by Andrea Glorioso, Italian consultant on digital policies)